Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Trojan? Virus? Blue Screen. help [RESOLVED]

dpends

Posted 12 February 2008 - 05:16 PM

dpends

Member

Topic Starter

Member

141 posts

The file for the last 24 hours is massive because it contains I guess the repeated attempts at this. Ergo I have included in this post only those from the one attempt at 17:49:26 . I can also send an additional one of the latest but it would be too much for one posting.

Advertisements

Essexboy

Posted 12 February 2008 - 05:27 PM

Essexboy

GeekU Moderator

Retired Staff

69,964 posts

Try this

Option 1

1. Downloadhttp://download.wind...Agent30-x86.exe2. Click Start, click Run, click Browse, locate the file that you saved in step 1, and then click Open. 3. Add the /wuforce switch to the end of the run command, and then click OK. For example, the run command may appear as the following: C:\WindowsUpdateAgent30-x86.exe /wuforce 4. Click Run. 5. Follow the steps to complete the wizard.

Option 2 if that should fail

1. Stop the Automatic Updates service. To do this, follow these steps:a. Click Start, click Run, type cmd, and then click OK. b. At the command prompt, type the following command, and then press ENTER:net stop wuauserv

2. Register the Wups2.dll file. To do this, follow these steps:a. At the command prompt, type the following command, and then press ENTER:regsvr32 %windir%\system32\wups2.dllNote For a computer that is running Windows XP Professional x64 Edition, type the following command, and then press ENTER:regsvr32 %windir%\syswow64\wups2.dll b. Click OK on each verification message that you receive.

3. Start the Automatic Updates service. To do this, type the following command at the command prompt, and then press ENTER:net start wuauserv 4. Exit the command prompt. To do this type exit, and then press ENTER.

dpends

Posted 12 February 2008 - 06:06 PM

dpends

Posted 12 February 2008 - 08:12 PM

dpends

Member

Topic Starter

Member

141 posts

It is a ................ GOOD MORNING.
Your efforts paid off. All 90+updates for Windows not only downloaded but they SUCCESSFULLY INSTALLED.
(It was solution number two that did the trick).
At the present moment (about 9:00 pm here EST) to turn the machine OFF for the night and shortly copy you. Older I is and today smarter we was.
I am not about, tonight, to do all that remains (about 17 tasks that your instructions break down to from the previous posts). I will wait until you are around (just in case) before starting the downloads, installs and cleans that may be worthwhile.
But let me start with one question: should we, after all of this, create a new Sytem Restore Point prior to doing anything more?
After I get your direction on this I will proceed on all of them and let you know how things go ....... after they are all done.
Right now, a sense of good feeling, relief and a heck of a lot of thank yous to ESSEXBOY.

dpends

Posted 13 February 2008 - 01:04 PM

dpends

Member

Topic Starter

Member

141 posts

At present am in the process of following the advice of one who knows. Have done a new systemrestore (Essexboy1 ... not about to forget), Disk Cleanup, (SpywareBlaster downloaded), Updated Windows ....
Am about to unload Norton (have downloaded file and directions) and will follow your instructions (then theirs). (My number for your tasks was so large because every little step was broken down so as not to be missed. Will post again when 'your post 21' process is completed.

Essexboy

Posted 13 February 2008 - 01:23 PM

dpends

Posted 13 February 2008 - 01:40 PM

dpends

Member

Topic Starter

Member

141 posts

O.K. Got the message (loud and clear)
S0: ... have downloaded and installed SpyBlaster.
Am now about to do the symanted stuff "as on post 21".
Will go no further than that.
Avast follows (it is on the desktop as a setupeng.exe file..
SOMETHING JUST OCCURRED TO ME:
IN reading the Norton Removal tool It says if you have any onlinebackup files then download a file called BackUpSet.exe. (I can live without any of those files). If one uses it ... is that just not leaving a part of Norton there? (and by extension potential problems).

Essexboy

Posted 13 February 2008 - 04:09 PM

Essexboy

GeekU Moderator

Retired Staff

69,964 posts

IN reading the Norton Removal tool It says if you have any onlinebackup files then download a file called BackUpSet.exe. (I can live without any of those files). If one uses it ... is that just not leaving a part of Norton there? (and by extension potential problems).

Unless you have used Norton online backup and you do not need the files, then that is not required

0

Advertisements

dpends

Posted 13 February 2008 - 05:58 PM

dpends

Member

Topic Starter

Member

141 posts

That was my conclusion. To that end I just carried on with the plan as you set it out. Avast 4.7 didn't come up on screen quite as you suggestedd. I could not get to any 'a' or other task bar symbol representing the program until after registering. It then appeared.Now, I did as you suggested ......... (sheepishly he said) .... and checked all the correct things .... but forgot to schedule a boot time scan. I just went ahead and using the scan local disks, scan archive files ............ saiid scan. It very shortly hit two trojans in zip folders (I moved them to 'the chest' as instructed) but it ran for a couple of minutes with the bottom line saying current scanner status infected. Then it returned to normal ie scanning without that message. When it hit the acrobat directary (after about 2 hours( it again came up with the scanner infected for the whole directory it seemed, then (a good 3-5 minutes later) it reverted to the Current Status Scanning wording. In neither of the latter two above cases did it ask me to move a file or stop ... just scanner status infected.I know it should have been put on boot scan prior to the first scan ... I just missed it ... (no excuses). My concerns are .......... "what it means I guess" and of course "What should I do" The scanner is still scanning ... but it seemed I should contact your at this point.I should .....???????

dpends

Posted 13 February 2008 - 06:28 PM

dpends

Member

Topic Starter

Member

141 posts

Perhaps too quick a reaction even though all the above is true.Scan just ended leaving me with another query.ReportNo. of Scanned Files 1099445 /16362Run Time: 3:25:14Infected Files: 0Size Scanned Files: 56.9 GBThen another report came up listing 12 files (most were just number and letter files) but all had the following format:C:\Documents and Settings\Toshiba\ApplicationData\SuperAntiSpywar.com\...\{19A7FF1D-23CB-46CD-8528-0B64844B7FEB} Result=Unable to scan:Archive is passwordprotected okBut it (avast) has an ACTION button giving me a series of choices of which some are Delete, Repair, Move, Chest Scan (It will not scan)... but Chest is highlightedWhat does one do here?

Essexboy

Posted 14 February 2008 - 12:17 PM

Essexboy

GeekU Moderator

Retired Staff

69,964 posts

Then another report came up listing 12 files (most were just number and letter files) but all had the following format:C:\Documents and Settings\Toshiba\ApplicationData\SuperAntiSpywar.com\...\{19A7FF1D-23CB-46CD-8528-0B64844B7FEB} Result=Unable to scan:Archive is passwordprotected

They are pasworded quarantine files and Avast does not know the password so it is telling you that..You will find this on all quarantined files form Antispy programmes - not a problem just ignore them

The first scan being thorough does take a long time (60 minutes on my system) but you do not need to do it that often as it is resident protecting you whenever your system runs

dpends

Posted 14 February 2008 - 12:24 PM

dpends

Member

Topic Starter

Member

141 posts

Good Day.
It is now the next day (for me too) and things may not look so panicky.
On 'turning in" last night, I did a boot scan with avast (as you set forth) and when I got up this am the computer was on with the windows desktop - No warnings nothing.
Whether that means it removed the virus from the above mentionned programs I know not. I have guessed that the Action file in the post just above must be the files of Superantispyware (logs,quarantines etc.) and just to leave them.
The post about the first scan still concerns me somewhat, perhaps because of my 'newness' to avast - thatbeing that the running scan infected message while scanning 2x. I looked in the Chest and found only 3 trojans/infections there. Whether avast cleaned the Office files (2 I believe) and all of Acrobat 8 I know not. I did have it, re test the acrobat 8 files (scan) and it said 0 infections. It then passed the morning boot scan.
Superanitspyware is still running and SpyBlaster has been loaded. What should I do with these ie should both be loaded and running etc .
YOUR advice would be appreciated.
Thanks

Essexboy

Posted 14 February 2008 - 01:05 PM

On 'turning in" last night, I did a boot scan with avast (as you set forth) and when I got up this am the computer was on with the windows desktop - No warnings nothing.

Good

I looked in the Chest and found only 3 trojans/infections there. Whether avast cleaned the Office files (2 I believe) and all of Acrobat 8 I know not. I did have it, re test the acrobat 8 files (scan) and it said 0 infections.

In the chest means Harmless - can't run

Superanitspyware is still running and SpyBlaster has been loaded. What should I do with these ie should both be loaded and running etc .

Spywareblaster does not run, basically it puts a kill bit in certain areas of the registry to stop malware being inserted. SAS has resident protection only for the duration of the 30 day trial, thereafter it is an on demand scanner, i.e. will run only when you tell it to

There is a very good forum on the Avast site, it is used by the programmers as well as the users. I am a member there http://forum.avast.com/index.phpit is an excellent source of information about all things AV and near everything else as well

So the big question what is the current state of affairs with your system. I would recommend re-running tuneup as per post 12 since you have uninstalled and installed some new programmes - just to smooth things out